name: govulncheck on: schedule: - cron: "0 12 * * *" # 8am EST / 10am PST / 12pm UTC workflow_dispatch: # allow manual trigger for testing pull_request: paths: - ".github/workflows/govulncheck.yml" jobs: source-scan: runs-on: ubuntu-latest steps: - name: Check out code into the Go module directory uses: actions/checkout@v4 - name: Install govulncheck run: ./tool/go install golang.org/x/vuln/cmd/govulncheck@latest - name: Scan source code for known vulnerabilities run: PATH=$PWD/tool/:$PATH "$(./tool/go env GOPATH)/bin/govulncheck" -test ./... - name: Post to slack if: failure() && github.event_name == 'schedule' uses: slackapi/slack-github-action@v1.24.0 env: SLACK_BOT_TOKEN: ${{ secrets.GOVULNCHECK_BOT_TOKEN }} with: channel-id: 'C05PXRM304B' payload: | { "blocks": [ { "type": "section", "text": { "type": "mrkdwn", "text": "Govulncheck failed in ${{ github.repository }}" }, "accessory": { "type": "button", "text": { "type": "plain_text", "text": "View results" }, "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" } } ] }